Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Smith
Thanks for everyone’s input! I think the issue is resolved. Please see below.

> On Nov 28, 2018, at 6:44 PM, Matt Schwartz  wrote:
> 
> Also, OpenSMTPD 6.4 has the added advantage of more reliable message 
> queueing. If you restart the smtp daemon, the queue resumes reliably. There 
> is no good reason to stick with the older version of OpenSMTPD. 

I didn’t know about the OpenSMTPd changes in OpenBSD 6.4—but I do plan to 
upgrade to that within a month or so. 

This mail server has been working very well as a relay for many months—I 
recently added the smtp auth stuff, and ran into this problem. 

> 
> On Wed, Nov 28, 2018, 8:41 PM Thomas Bohl  wrote:
> > By default, there is ‘accept from local for any relay’, and I’ve kept that 
> > in place. Is this what you were referring to?
> 
> That is what's causing the loop. "relay" looks for the MX record (Which 
> is what you want for everything but your own domain). "relay via" skips that.

Removing that line resolved the mail loop issue.

> > As a test to understand what you’d recommended, I added
> > 
> > accept from local for domain  relay via 
> > 
> > and tested—that presented the same mail loop problem.
> 
> 1. Is  what you call "upstream"? Aka your mailbox system?

Yes.

> 2. Are the accept lines in the right order? From specific to common.

They weren’t. I moved ‘accept from local for any relay’ to the bottom of the 
relay rules (it was previously in its default location at the top of 
smtpd.conf). That resolved the mail loop issue, and still allows non-local 
email from authenticated users to be delivered.

> 3. Can you post the error log?

There isn’t much in the way of errors—it just showed this:

Nov 29 00:53:55 hostname smtpd[93758]: warn: loop detected
Nov 29 00:53:55 hostname smtpd[93758]: 41ffd55e6342f33e smtp event=failed-command address=###.###.###.### host=server.domain.tld command="DATA" result="500 5.4.6 Routing loop detected: Loop detected"

There are actually quite a few related lines that precede these two, but they 
all show the same thing—the single email being delivered and received many 
times before the loop is detected.

> (4. Full smtpd.conf would be nice.)

Here’s the config with the change noted above:

table aliases file:/etc/mail/aliases
listen on lo0
accept for local alias  deliver to mbox

mx_domain = "server.domain.tld"
pki $mx_domain certificate "/etc/ssl/domain.tld.fullchain.pem"
pki $mx_domain key "/etc/ssl/private/domain.tld.key"

listen on egress tls hostname $mx_domain pki $mx_domain
accept from any for domain  relay via 
accept from local for any relay

smtp_domain = "server.domain.tld"
pki $smtp_domain certificate "/etc/ssl/domain.tld.fullchain.pem"
pki $smtp_domain key "/etc/ssl/private/domain.tld.key"

table smtpout_auth file:/etc/mail/smtpout_auth
listen on egress port 465 smtps auth  hostname $smtp_domain pki $smtp_domain
listen on egress port 587 tls-require auth  hostname $smtp_domain pki $smtp_domain

> > I’m somewhat new to OpenSMTPd
> 
> Then you should skip 6.3 and move to OpenBSD 6.4, because of the new 
> configuration style. You are learning a deprecated config style at the 
> moment.

I was unaware of the new config style, but I’ll be migrating to 6.4 over the 
next month or so.



--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
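
An added illustration (not part of the original thread, and not OpenSMTPD code): a simplified Python model of first-match rule evaluation, showing why the position of ‘accept from local for any relay’ decides whether an authenticated sender's mail to the relay's own domain loops. All hostnames and domains are constructed placeholders; the model assumes the first matching rule decides and that authenticated sessions count as local.

```python
# Simplified model of first-match rule evaluation in the pre-6.4 "accept" syntax.
# Every hostname and domain here is a constructed placeholder.
from dataclasses import dataclass
from typing import Optional

THIS_HOST = "relay.example.org"          # the filtering relay itself
MX = {"example.org": THIS_HOST,          # own domain: MX points at the relay
      "example.net": "mx.example.net"}   # an unrelated remote domain

@dataclass(frozen=True)
class Rule:
    source: str                 # "any" or "local" (authenticated counts as local)
    dest: str                   # "any" or one specific recipient domain
    via: Optional[str] = None   # host for "relay via", None for plain "relay"

def next_hop(rules, sender_is_local, rcpt_domain):
    """Return the host the message is handed to by the first matching rule."""
    for r in rules:
        if r.source == "local" and not sender_is_local:
            continue
        if r.dest not in ("any", rcpt_domain):
            continue
        # "relay via" skips the MX lookup; plain "relay" resolves the MX record.
        return r.via if r.via else MX.get(rcpt_domain)
    return None  # no rule matched: the message is not accepted

def loops(rules, sender_is_local, rcpt_domain):
    """True when the chosen next hop is this server itself."""
    return next_hop(rules, sender_is_local, rcpt_domain) == THIS_HOST

# accept from local for any relay
local_any = Rule("local", "any")
# accept from any for domain <own domain> relay via <upstream mailbox host>
own_domain = Rule("any", "example.org", "mailbox.example.org")

DEFAULT_ORDER = [local_any, own_domain]   # generic rule first
FIXED_ORDER = [own_domain, local_any]     # specific rule first, generic last

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_ORDER), ("fixed", FIXED_ORDER)):
        print(name, "authed -> own domain:",
              next_hop(rules, True, "example.org"),
              "| loop:", loops(rules, True, "example.org"))
```

With the specific rule first, unauthenticated senders still get no match for foreign domains, so the reordering does not open the relay.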



Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Edgar Pettijohn
I think the full config minus pki stuff would be useful. Till then look at 
tags. It may be useful. 

listen on 587 auth ... tag authed

accept tagged authed ...
On Nov 28, 2018 5:32 PM, Thomas Smith  wrote:
>
> Hi,
>
> I’m running OpenSMTPd on OpenBSD 6.3.
>
> The server is used primarily as a mail filtering relay, filtering with spamd; 
> however, it’s also used, on a more limited basis, to send outbound emails.
>
> If I’m only relaying email for domain.com, relaying works fine. In this 
> context, an external user would send an email to u...@domain.com, that email 
> would pass through this server first, then it would be delivered upstream.
>
> It’s this second context that causes issues…
>
> If user1 attempts to send an outbound email through this server—that is, 
> user1 is authenticating to this server for the sole purpose of sending an 
> email—and sends that email to u...@domain.com, I end up with a mail loop 
> since the server itself is listed as the MX for domain.com.
>
> My question is this…
>
> Is it possible to configure OpenSMTPd to detect this scenario and to know 
> that it should relay that email to domain.com rather than trying to deliver 
> it to its MX server, which happens to be the server itself?
>
> Here’s a very abridged version of my config, showing the relay and 
> authentication configurations:
>
> accept from any for domain  relay via  # relay config
> listen on egress port 587 tls-require auth  hostname $smtp_domain pki $smtp_domain # outbound smtp auth config
>
> If the answer to my question is that this isn’t possible, can someone 
> recommend an alternative way of configuring OpenSMTPd to make it work? The 
> objective would be to provide both of these services on the same server, 
> instead of separate servers.
>
> Thank you,
>
> ~ Tom


Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Matt Schwartz
Also, OpenSMTPD 6.4 has the added advantage of more reliable message
queueing. If you restart the smtp daemon, the queue resumes reliably. There
is no good reason to stick with the older version of OpenSMTPD.

On Wed, Nov 28, 2018, 8:41 PM Thomas Bohl  wrote:

> > By default, there is ‘accept from local for any relay’, and I’ve kept
> > that in place. Is this what you were referring to?
>
> That is what's causing the loop. "relay" looks for the MX record (Which
> is what you want for everything but your own domain). "relay via" skips that.
>
>
> > As I understand it, ‘accept from any’ would be inclusive of ‘local’—is
> > this not the case?
>
> No, I believe you are right.
>
>
> > As a test to understand what you’d recommended, I added
> >
> > accept from local for domain  relay via 
> >
> > and tested—that presented the same mail loop problem.
>
> 1. Is  what you call "upstream"? Aka your mailbox system?
> 2. Are the accept lines in the right order? From specific to common.
> 3. Can you post the error log?
> (4. Full smtpd.conf would be nice.)
>
>
> > I’m somewhat new to OpenSMTPd
>
> Then you should skip 6.3 and move to OpenBSD 6.4, because of the new
> configuration style. You are learning a deprecated config style at the
> moment.


Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl

> By default, there is ‘accept from local for any relay’, and I’ve kept that in 
> place. Is this what you were referring to?

That is what's causing the loop. "relay" looks for the MX record (Which 
is what you want for everything but your own domain). "relay via" skips that.

> As I understand it, ‘accept from any’ would be inclusive of ‘local’—is this not 
> the case?

No, I believe you are right.

> As a test to understand what you’d recommended, I added
> 
> accept from local for domain  relay via 
> 
> and tested—that presented the same mail loop problem.

1. Is  what you call "upstream"? Aka your mailbox system?
2. Are the accept lines in the right order? From specific to common.
3. Can you post the error log?
(4. Full smtpd.conf would be nice.)

> I’m somewhat new to OpenSMTPd

Then you should skip 6.3 and move to OpenBSD 6.4, because of the new 
configuration style. You are learning a deprecated config style at the 
moment.





Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Smith


> On Nov 28, 2018, at 5:28 PM, Thomas Bohl  wrote:
> 
> Hi,
> 
>> Is it possible to configure OpenSMTPd to detect this scenario and to know 
>> that it should relay that email to domain.com rather than trying to deliver 
>> it to its MX server, which happens to be the server itself?
>> 
>> Here’s a very abridged version of my config, showing the relay and 
>> authentication configurations:
>> 
>> accept from any for domain  relay via  # relay config
> 
> Use "accept from local" to tell the server what to do with
> authenticated sessions.
> 
> (It would be "match auth" for the new configuration style.)

Thank you for the reply. Can you elaborate a little please?

By default, there is ‘accept from local for any relay’, and I’ve kept that in 
place. Is this what you were referring to?

As I understand it, ‘accept from any’ would be inclusive of ‘local’—is this not 
the case?

As a test to understand what you’d recommended, I added

accept from local for domain  relay via  

and tested—that presented the same mail loop problem.

I’m somewhat new to OpenSMTPd, so I apologize if these questions are naive—I 
haven’t been able to locate any documentation that would offer some advice for 
how I’m trying to configure things.




Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl

Hi,


> Is it possible to configure OpenSMTPd to detect this scenario and to know that 
> it should relay that email to domain.com rather than trying to deliver it to 
> its MX server, which happens to be the server itself?
> 
> Here’s a very abridged version of my config, showing the relay and 
> authentication configurations:
> 
> accept from any for domain  relay via  # relay config

Use "accept from local" to tell the server what to do with 
authenticated sessions.

(It would be "match auth" for the new configuration style.)




Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Smith
Hi,

I’m running OpenSMTPd on OpenBSD 6.3.

The server is used primarily as a mail filtering relay, filtering with spamd; 
however, it’s also used, on a more limited basis, to send outbound emails.

If I’m only relaying email for domain.com, relaying works fine. In this 
context, an external user would send an email to u...@domain.com, that email 
would pass through this server first, then it would be delivered upstream.

It’s this second context that causes issues…

If user1 attempts to send an outbound email through this server—that is, user1 
is authenticating to this server for the sole purpose of sending an email—and 
sends that email to u...@domain.com, I end up with a mail loop since the server 
itself is listed as the MX for domain.com.

My question is this…

Is it possible to configure OpenSMTPd to detect this scenario and to know that 
it should relay that email to domain.com rather than trying to deliver it to 
its MX server, which happens to be the server itself?

Here’s a very abridged version of my config, showing the relay and 
authentication configurations:

accept from any for domain  relay via  # relay config
listen on egress port 587 tls-require auth  hostname $smtp_domain pki $smtp_domain # outbound smtp auth config

If the answer to my question is that this isn’t possible, can someone recommend 
an alternative way of configuring OpenSMTPd to make it work? The objective 
would be to provide both of these services on the same server, instead of 
separate servers.

Thank you,

~ Tom
